iso iec 27701 2025 transition announcement

ISO/IEC 27701:2025 was published on 31 October 2025, replacing ISO/IEC 27701:2019. With the new edition, the Privacy Information Management System (PIMS) has been transformed from an extension dependent on ISO/IEC 27001 and ISO/IEC 27002 into a standalone management system standard.

In the new standard, the management system requirements have been restructured in accordance with Clauses 4–10; the requirements relating to the roles of PII controller and PII processor, privacy risk assessment, the Statement of Applicability, performance evaluation and Annex A controls have been updated.

In accordance with IAS/MSCB/127 Technical Bulletin, certified organizations are required to complete their transition to ISO/IEC 27701:2025 no later than 31 October 2027. The date from which initial certification and recertification audits will begin to be conducted against the new standards will be announced separately, depending on Kioscert’s accreditation transition date.

As part of the transition, certified organizations are expected to:

  • Assess the differences between ISO/IEC 27701:2019 and ISO/IEC 27701:2025,
  • Review the PIMS scope and PII processing roles,
  • Update the privacy risk assessment and risk treatment plan,
  • Revise the Statement of Applicability in line with the new Annex A control structure,
  • Verify the updated system through internal audit and management review.

For detailed information on the transition process, key changes and the activities to be carried out by organizations, please review our ISO/IEC 27701:2025 Transition Guide and Summary Gap Analysis document or contact Kioscert Certification.


Please Wait